use of org.springframework.security.core.AuthenticationException in project head by mifos.
the class MifosLegacyUsernamePasswordAuthenticationFilter method doFilter.
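/**
 * Gates the username/password login filter on system availability.
 *
 * <p>Authentication is refused, and any existing session is invalidated, while a batch job
 * that requires exclusive access is running or once shutdown has completed. When both
 * conditions hold, the shutdown message is the one reported, because it is assigned last.
 * Otherwise the request is handed to the parent filter's {@code doFilter}.
 *
 * @param req   incoming request; cast to {@link HttpServletRequest}
 * @param res   outgoing response; cast to {@link HttpServletResponse}
 * @param chain remaining filter chain, passed to the parent filter when login is allowed
 * @throws IOException      propagated from the parent filter or the failure handling
 * @throws ServletException propagated from the parent filter or the failure handling
 */
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    AuthenticationException denied = null;
    boolean allowAuthenticationToContinue = true;

    if (MifosBatchJob.isBatchJobRunningThatRequiresExclusiveAccess()) {
        allowAuthenticationToContinue = false;
        // getSession(false) never creates a session; it returns null when none exists.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        denied = new AuthenticationServiceException(messages.getMessage(LoginConstants.BATCH_JOB_RUNNING, "You have been logged out of the system because batch jobs are running."));
    }

    // NOTE(review): assumes a ShutdownManager global is always registered; a null here would
    // throw before the request is rejected. Confirm against application startup.
    ShutdownManager shutdownManager = (ShutdownManager) ServletUtils.getGlobal(request, ShutdownManager.class.getName());
    if (shutdownManager.isShutdownDone()) {
        allowAuthenticationToContinue = false;
        // Same null guard as the batch-job branch: the request may carry no session (first
        // visit, expired cookie) or the branch above may already have invalidated it. An
        // unguarded invalidate() would then throw NullPointerException, and the request
        // would end in a server error instead of the login-denied response.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        denied = new AuthenticationServiceException(messages.getMessage(LoginConstants.SHUTDOWN, "You have been logged out of the system because Mifos is shutting down."));
    }

    if (shutdownManager.isInShutdownCountdownNotificationThreshold()) {
        // Request attribute set for later processing of this request to signal the countdown.
        request.setAttribute("shutdownIsImminent", true);
    }

    if (allowAuthenticationToContinue) {
        super.doFilter(request, response, chain);
    } else {
        unsuccessfulAuthentication(request, response, denied);
    }
}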
use of org.springframework.security.core.AuthenticationException in project ORCID-Source by ORCID.
the class RegistrationController method logUserIn.
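/**
 * Authenticates the given ORCID iD and password through the authentication manager and, on
 * success, stores the resulting {@link Authentication} in the current security context.
 *
 * <p>If the internal SSO manager has its cookie enabled, the user cookie is written as well.
 * An {@link AuthenticationException} is not propagated: the security context is cleared and a
 * warning is logged, so the caller receives no signal that the login failed.
 *
 * <p>NOTE(review): this path calls the authentication manager directly, so any session
 * handling that a login filter would normally apply (for example rotating the session id
 * after login) is not visible here. Confirm that the caller or filter chain covers it.
 *
 * @param request  current request, used for the authentication details and the cookie
 * @param response current response, used when writing the cookie
 * @param orcidId  principal to authenticate
 * @param password credential to authenticate with; never logged
 */
public void logUserIn(HttpServletRequest request, HttpServletResponse response, String orcidId, String password) {
    UsernamePasswordAuthenticationToken token = null;
    try {
        token = new UsernamePasswordAuthenticationToken(orcidId, password);
        token.setDetails(new WebAuthenticationDetails(request));
        Authentication authentication = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        if (internalSSOManager.enableCookie()) {
            // Set user cookie
            internalSSOManager.writeCookie(orcidId, request, response);
        }
    } catch (AuthenticationException e) {
        // this should never happen
        SecurityContextHolder.getContext().setAuthentication(null);
        Object principal = token != null ? token.getPrincipal() : "empty principle";
        // NOTE(review): assumes LOGGER is an SLF4J-style logger (the multi-argument warn call
        // implies one). Such loggers substitute "{}", not "{0}", and treat a trailing
        // Throwable as the exception to record. The original call did neither, so both the
        // principal and the stack trace were missing from the warning. Only the principal is
        // logged; the password is never passed to the logger.
        LOGGER.warn("User {} should have been logged-in, but we unable to due to a problem", principal, e);
    }
}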
use of org.springframework.security.core.AuthenticationException in project libresonic by Libresonic.
the class JWTRequestParameterProcessingFilter method doFilter.
/**
 * Authenticates requests that carry a token and passes every other request through untouched.
 *
 * <p>When {@code findToken} finds nothing, the chain continues without any authentication
 * attempt. Otherwise {@code attemptAuthentication} runs: a failure is routed to
 * {@code unsuccessfulAuthentication} and the chain is not continued; a {@code null} result
 * ends processing silently; a non-null result is stored in the security context before the
 * chain continues.
 *
 * @param req   incoming request; cast to {@link HttpServletRequest}
 * @param resp  outgoing response; cast to {@link HttpServletResponse}
 * @param chain remaining filter chain
 * @throws IOException      propagated from the chain or the failure handling
 * @throws ServletException propagated from the chain or the failure handling
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) req;
    HttpServletResponse httpResponse = (HttpServletResponse) resp;

    boolean tokenPresent = findToken(httpRequest).isPresent();
    if (!tokenPresent) {
        // No token on the request: this filter has nothing to do.
        chain.doFilter(req, resp);
        return;
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Request is to process authentication");
    }

    Authentication authenticated;
    try {
        authenticated = attemptAuthentication(httpRequest, httpResponse);
    } catch (AuthenticationException failure) {
        // Internal service errors are logged at error level; ordinary authentication
        // failures are only passed to the failure handling.
        if (failure instanceof InternalAuthenticationServiceException) {
            logger.error("An internal error occurred while trying to authenticate the user.", failure);
        }
        unsuccessfulAuthentication(httpRequest, httpResponse, failure);
        return;
    }

    if (authenticated == null) {
        // A null result stops here: the chain is not invoked and nothing is written to the
        // response by this method.
        return;
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authenticated);
    }
    SecurityContextHolder.getContext().setAuthentication(authenticated);
    chain.doFilter(httpRequest, httpResponse);
}
use of org.springframework.security.core.AuthenticationException in project spring-boot by spring-projects.
the class SecurityAutoConfigurationTests method testCustomAuthenticationDoesNotAuthenticateWithBootSecurityUser.
/**
 * Verifies that registering {@code AuthenticationManagerCustomizer} replaces the default
 * credentials: the user described by {@link SecurityProperties} must be rejected, while the
 * credentials {@code foo}/{@code bar} must authenticate.
 */
@Test
public void testCustomAuthenticationDoesNotAuthenticateWithBootSecurityUser() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(AuthenticationManagerCustomizer.class, SecurityAutoConfiguration.class);
    this.context.refresh();

    SecurityProperties properties = this.context.getBean(SecurityProperties.class);
    AuthenticationManager authenticationManager = this.context.getBean(AuthenticationManager.class);

    // Credentials of the user from SecurityProperties: these must NOT be accepted once a
    // custom authentication manager is in place.
    String defaultName = properties.getUser().getName();
    String defaultPassword = properties.getUser().getPassword();
    UsernamePasswordAuthenticationToken defaultUserToken =
            new UsernamePasswordAuthenticationToken(defaultName, defaultPassword);
    try {
        authenticationManager.authenticate(defaultUserToken);
        fail("Expected Exception");
    } catch (AuthenticationException expected) {
        // Expected
    }

    // The second credential pair is expected to authenticate.
    UsernamePasswordAuthenticationToken customUserToken = new UsernamePasswordAuthenticationToken("foo", "bar");
    assertThat(authenticationManager.authenticate(customUserToken)).isNotNull();
}
use of org.springframework.security.core.AuthenticationException in project spring-security by spring-projects.
the class GaeAuthenticationFilter method doFilter.
/**
 * Keeps the Spring Security context in step with the user currently signed in to GAE.
 *
 * <p>If the context holds an authentication that does not match the GAE user, the context is
 * cleared and the HTTP session invalidated, so state belonging to the previous identity does
 * not carry over. If no authentication remains and a GAE user is present, that user is
 * authenticated through the authentication manager. A newly authenticated user holding
 * {@code AppRole.NEW_USER} is redirected to the registration page, and an authentication
 * failure is delegated to the failure handler; in both cases the chain is not continued.
 *
 * @param request  incoming request; cast to {@link HttpServletRequest} only where needed
 * @param response outgoing response; cast to {@link HttpServletResponse} only where needed
 * @param chain    remaining filter chain
 * @throws IOException      propagated from the redirect, the failure handler or the chain
 * @throws ServletException propagated from the failure handler or the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    User googleUser = UserServiceFactory.getUserService().getCurrentUser();

    boolean identityMismatch = current != null && !loggedInUserMatchesGaeUser(current, googleUser);
    if (identityMismatch) {
        // The stored login belongs to a different (or no longer present) GAE user: drop both
        // the security context and the session before going any further.
        SecurityContextHolder.clearContext();
        current = null;
        ((HttpServletRequest) request).getSession().invalidate();
    }

    if (current != null || googleUser == null) {
        // Either already authenticated as the matching user, or nobody is signed in to GAE.
        chain.doFilter(request, response);
        return;
    }

    logger.debug("Currently logged on to GAE as user " + googleUser);
    logger.debug("Authenticating to Spring Security");
    // User has returned after authenticating via GAE. Need to authenticate
    // through Spring Security.
    PreAuthenticatedAuthenticationToken preAuthToken = new PreAuthenticatedAuthenticationToken(googleUser, null);
    preAuthToken.setDetails(ads.buildDetails((HttpServletRequest) request));

    try {
        Authentication authenticated = authenticationManager.authenticate(preAuthToken);
        SecurityContextHolder.getContext().setAuthentication(authenticated);
        boolean needsRegistration = authenticated.getAuthorities().contains(AppRole.NEW_USER);
        if (needsRegistration) {
            logger.debug("New user authenticated. Redirecting to registration page");
            ((HttpServletResponse) response).sendRedirect(REGISTRATION_URL);
            return;
        }
    } catch (AuthenticationException e) {
        failureHandler.onAuthenticationFailure((HttpServletRequest) request, (HttpServletResponse) response, e);
        return;
    }

    chain.doFilter(request, response);
}